-Alias /idp/ui /var/www/idp/ipsilon/ui
-WSGIScriptAlias /idp /var/www/idp/ipsilon/ipsilon/idpserver.py
-WSGIDaemonProcess idp python-path=/var/www/idp/ipsilon/ipsilon home=/var/www/idp/ipsilon/ipsilon maximum-requests=2 user=ipsilon group=ipsilon
+Alias /idp/ui /usr/share/ipsilon/ui
+WSGIScriptAlias /idp /usr/libexec/ipsilon.py
+WSGIDaemonProcess idp maximum-requests=2 user=ipsilon group=ipsilon
WSGIProcessGroup idp
-<Location /idp/login/krb/negotiate>
- AuthType Kerberos
- AuthName "Kerberos Login"
- KrbMethodNegotiate on
- KrbMethodK5Passwd off
- KrbServiceName HTTP
- KrbAuthRealms IPA.DEV.LAN
- Krb5KeyTab /etc/httpd/conf/http.keytab
- KrbSaveCredentials off
- KrbConstrainedDelegation off
- KrbLocalUserMapping On
+<Location /idp/login/gssapi/negotiate>
+ AuthType GSSAPI
+ AuthName "GSSAPI Single Sign On Login"
+ GssapiCredStore /etc/httpd/conf/http.keytab
+ GssapiSSLonly On
+ GssapiLocalName on
Require valid-user
- ErrorDocument 401 /idp/login/krb/unauthorized
+ ErrorDocument 401 /idp/login/gssapi/unauthorized
+ ErrorDocument 500 /idp/login/gssapi/failed
</Location>
-<Directory /idp>
+<Directory /usr/libexec>
Order allow,deny
Allow from all
+ Require all granted
</Directory>